CWP custom kernel with a security level similar to SELinux.
Because this protection is mandatory access control (MAC) enforced at the kernel level, everything not allowed by the policy is denied by default, which provides the highest security for your system.
Unsupported systems: OpenVZ, CloudLinux
Supported: all servers able to install and run the default CentOS kernel.
How does it work?
Each binary that is executed must be defined in the policy, together with an allow list of rules for it.
Access to a specific file, port, IP … can be allowed per application, user, program or service.
For example, we can allow the file test.php of the user “john”, located at /home/john/public_html/test.php, to be executed only by the user john and only from the php-cgi program, which must itself be run by the user john.
File-based restrictions (please note that everything not allowed is denied by default)
These rules allow network socket operations.
These rules allow Unix socket operations.
This protection can limit connections by IP and/or port,
and deny read/write/execute… access to files if the owner does not match…
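The decision logic described above (a per-binary allow list, an owner-match condition, and deny for everything else) can be modelled in a few lines. This is an added illustration, not CWP's policy format or code; the rule layout, the php-cgi path, the user alice and the sample addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    op: str                         # "read", "write", "execute" or "connect"
    pattern: str                    # glob over a file path or "ip:port"
    owner_must_match: bool = False  # file owner must equal the calling user

# Constructed sample policy (hypothetical layout): one allow list per binary.
POLICY = {
    "/usr/bin/php-cgi": [
        Rule("execute", "/home/*/public_html/*.php", owner_must_match=True),
        Rule("read", "/home/*/public_html/*", owner_must_match=True),
        Rule("connect", "127.0.0.1:3306"),
    ],
}

def decide(binary, user, op, target, owner=None):
    """Return "allow" only when a rule for this binary matches, else "deny".

    Targets are assumed to be canonical paths (no "..", symlinks resolved),
    as a kernel-level check would see them.
    """
    for rule in POLICY.get(binary, []):   # binary not in policy: no rules
        if rule.op != op or not fnmatchcase(target, rule.pattern):
            continue
        if rule.owner_must_match and owner != user:
            continue                      # owner mismatch: rule does not apply
        return "allow"
    return "deny"                         # nothing matched: denied by default

# Constructed requests: (binary, user, op, target, file owner)
TEST_PHP = "/home/john/public_html/test.php"
SAMPLES = [
    ("/usr/bin/php-cgi", "john", "execute", TEST_PHP, "john"),   # allowed
    ("/usr/bin/php-cgi", "alice", "execute", TEST_PHP, "john"),  # wrong user
    ("/bin/bash", "john", "execute", TEST_PHP, "john"),          # wrong program
    ("/usr/bin/php-cgi", "john", "write", TEST_PHP, "john"),     # no write rule
    ("/usr/bin/php-cgi", "john", "connect", "127.0.0.1:3306"),   # allowed
    ("/usr/bin/php-cgi", "john", "connect", "203.0.113.5:25"),   # not listed
]

def run_samples():
    return [decide(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(verdict, sample[:4])
```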
At the moment we have defined more than 650 rules, which work with CWP only.
The list of possible limits is huge, so we can’t include all the information here.
Since this requires maintenance, at the moment it is available only to our clients with an active support service.
If you have an active support service with us and need additional high security for your server, you can contact us to install our tools.